Lucene search
K

104 matches found

OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.16 views

Slackware: Security Advisory (SSA:2013-242-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4CVSS7.6AI score0.0644EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/22 11:5 p.m.37 views

Security Bulletin: Vulnerability in GnuTLS affects Power Hardware Management Console ( CVE-2018-10845 CVE-2018-10844)

Summary It was found that GnuTLS's implementation of HMAC-SHA-384 and HMAC-SHA-256 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS0.4AI score0.03623EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2021/08/28 4:37 p.m.20 views

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption." Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShel...

6.9AI score
Exploits0
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2021/06/03 6:2 a.m.79 views

OWASP Top-10 2021, statistically calculated proposal.

Everybody knows the OWASP Top-10 as well as the fact that it gets updated only every other 3–4 years. With the last update published in 2017, it’s no surprise that a new version is coming this year. During my application security career, I saw OWASP Top-10 at least in 2003, 2004, 2007, 2010, 2013...

7.8AI score
Exploits0
CNVD
CNVD
added 2020/02/24 12:0 a.m.4 views

SAS Visual Analytics Cross-Site Scripting Vulnerability

SAS Visual Analytics is data visualization software that helps build and design interactive Web dashboards. A cross-site scripting vulnerability exists in the graph generator in SAS Visual Analytics 8.5. An attacker can exploit this vulnerability to execute malicious Javascript in a user's browse...

5.4CVSS6.4AI score0.00521EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.32 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2019-1136)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.1AI score0.03623EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/01/16 3:27 p.m.29 views

CVE-2018-10844

It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS4.2AI score0.03623EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2019/12/26 2:0 p.m.80 views

Combining AI and Playbooks to Predict Cyberattacks

When organizations invest in AI, they are not only able to automate menial tasks like patching, but they can also create an automated system that looks for and discovers attacks, not only after the fact, but even before they occur. This predictive capability becomes increasingly necessary as...

0.2AI score
Exploits0References4
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/08/10 7:0 a.m.475 views

Breaking (bad) firmware encryption. Case study on the Netgear Nighthawk M1

TL;DR The firmware encryption for the Netgear Nighthawk M1 is mainly XOR. It’s possible to derive the XOR key by statistical analysis, just from the firmware update file itself. It’s then possible to extract an AES key from what’s XOR’d, which can be used to decrypt other parts of the firmware...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/14 12:0 a.m.229 views

EulerOS Virtualization for ARM 64 3.0.1.0 : gnutls (EulerOS-SA-2019-1388)

According to the versions of the gnutls packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote...

5.9CVSS7.5AI score0.03623EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2019/05/07 12:0 a.m.64 views

Fedora Update for pspp FEDORA-2019-817ff2201f

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/04/30 12:0 a.m.32 views

EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-1292)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to...

5.9CVSS6.5AI score0.03623EPSS
Exploits0References2
Fedora
Fedora
added 2019/04/06 7:44 p.m.42 views

[SECURITY] Fedora 29 Update: pspp-1.2.0-2.fc29

PSPP is a program for statistical analysis of sampled data. It interprets commands in the SPSS language and produces tabular output in ASCII, PostScript, or HTML format. PSPP development is ongoing. It already supports a large subset of SPSS's transformation language. Its statistical procedure...

7.8CVSS6.9AI score0.02035EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2019/04/04 12:0 a.m.28 views

EulerOS Virtualization 2.5.3 : gnutls (EulerOS-SA-2019-1272)

According to the version of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could u...

5.9CVSS6.4AI score0.03623EPSS
Exploits0References2
Fedora
Fedora
added 2019/04/03 12:40 a.m.30 views

[SECURITY] Fedora 30 Update: pspp-1.2.0-2.fc30

PSPP is a program for statistical analysis of sampled data. It interprets commands in the SPSS language and produces tabular output in ASCII, PostScript, or HTML format. PSPP development is ongoing. It already supports a large subset of SPSS's transformation language. Its statistical procedure...

6.5CVSS6.5AI score0.02035EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/04/02 12:0 a.m.27 views

EulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1136)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to...

5.9CVSS6.5AI score0.03623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/04/02 12:0 a.m.30 views

EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2019-1112)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to...

5.9CVSS6.5AI score0.03623EPSS
Exploits0References2
Mageia
Mageia
added 2018/11/03 11:55 a.m.44 views

Updated gnutls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: It was found that the GnuTLS implementation of HMAC-SHA-256 and HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical...

5.9CVSS2.4AI score0.03623EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2018/10/30 10:28 a.m.6 views

gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant

It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS7.2AI score0.03623EPSS
Exploits0References5
Securelist
Securelist
added 2018/09/03 10:0 a.m.52 views

We know what your kids did this summer

For many kids and teenagers, summer is all about ditching school books in favor of hobbies and fun. Every year we release a report on children's interests, as reflected in their online activity. This summer, we investigated what they prefer in their free time. The Parental Control module in...

0.1AI score
Exploits0
Rows per page
Query Builder